UK Online Safety Bill Progress

Kindus discussed the principles and issues behind the UK Online Safety Bill in 2022.  Since then it has moved through the parliamentary approval procedures and currently (March 2023) sits with the House of Lords with the final line by line examination of the bill at the committee stage still to take place.  A bill needs to go through parliament within a set period of time or it will be dropped.  Although a similar bill could be re-introduced again it would go back to the very first stages of the debate and approval process.  The expiry fate of the Online Safety Bill has already been extended as it currently due to expire on 20th July 2023.

The major change to the bill since Kindus first discussed it is that the requirement for companies to remove ‘legal but harmful’ content has been dropped.  This is the result of a debate between freedom of speech and the need to protect vulnerable users.  The nature of this category of content would need to have been specified within the bill and could have included items relating from controversial political opinions to promoting self-harm or activities linked to eating disorders. Hosting companies will still be required to oversee and control this material but they will not be required to set up methods to automatically block it.

There has been some backlash from technology companies who would be on the front line of enforcing the new law.  Their problem is that to enforce online safety they need to see what is going on within their engines.  This is hard enough on public platforms where privacy is not a prime concern.  Facebook will block posts and images that it considers offensive.  Google will remove undesirable content from its search results.  Most of this work is done by automated routines with filter criteria depending on the legislation within the target countries.

Other technologies, notably messaging and communications depend on privacy.  Any solution is going to require monitoring all transmissions as well as encrypting that data so that it cannot be examined later or can only be seen by authorised individuals.  This is not impossible.  A proposed solution would scan messages and images on a device before they are sent then refuse to send suspect content.   This would allow the degree of encryption of a message as it is sent to be maintained and hopefully ensure that no suspect data ever flows through the controller’s network. WhatsApp and Signal have both stated that they would close their UK operations if the Online Safety Bill as it stands becomes law.   The whole raison d’etre of Signal is to enable encrypted messaging.  WhatsApp also depends on the privacy of the data it shares.  These systems are used internationally although WhatsApp is currently banned in China, North Korea, Iran, Syria, UAE (United Arab Emirates), Bahrain, Egypt, Iraq, Morocco, Oman. The list could increase but these bans can usually be overcome by use of a VPN.

If a service such as WhatsApp were to introduce measures to scan messages for harmful content in the UK it should be doing the same throughout its operation because a UK user could use a VPN to pretend to be in a country where a similar law does not apply but WhatsApp might be still be breaking UK law.

The nature of VPNs and their ability to bypass local Internet regulations was brought up as an amendment to the act.  There is no mention of VPNs in the current version of the bill but the document very reasonably focuses on what should be done rather than specifying the technology of how it will be done.  VPNs themselves are legal, encrypted and widely used.  The anonymous browser technology Tor is not strictly a VPN but it does use encryption and could fall under the umbrella of the Online Safety Bill.

There can be no argument against the general principles of the bill in protecting vulnerable users.  Some individuals will find ways around any blocks put in place but these will be subject to other laws and their activities are less likely to impinge on casual users.  The major issue at present is which Internet operations will be affected by the law and how they will put technology into place to avoid the consequences of not keeping to their new responsibilities. It is possible that some will follow up on their promises to withdraw from the UK market when the bill passes into law. Unless there were a blanket threat of all companies affected refusing to cooperate it is probable that other enterprises will adapt to fill any gaps in the market resulting from the legislation.

More from Privacy


Push Notifications

Push Notifications are primarily seen as a marketing or advertising tool.   Another popular use is within chat applications; ensuring that subscribers keep up with …

Read post


EU Digital Services Act Implications

Kindus has already outlined the EU Digital Markets Act.  The Digital Services Act is another EU law that came into force on all platforms …

Read post


Web Browser Privacy

Various services offer the concept of private browsing.  In most cases this means that browsing history is kept secret from other users of the …

Read post


EU Digital Markets Act

The EU Digital Markets Act became law in 2022 and its terms began to apply from May 2023. Major Internet content providers needed to …

Read post

Sign Up

Sign up to our newsletter list here.

    Successful sign up

    Thank you for signing up to our newsletter list.

    Check your inbox for all the latest information from Kindus